[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Formmail + RBL checking

Subject: [cobalt-security] Formmail + RBL checking
From: cobalt@xxxxxxxxxxxxx
Date: Mon, 19 Aug 2002 15:42:28 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi,

I have modified the standard formmail.pl script from Matts Script 
Archive to do some RBL (Relay black list ) checking.

Basically, it works for me, but I am interested in some peer 
feedback.

I don't really count mysql as a perl guru so feel free to send me 
suggestions / improvements / flames.

The script uses the perl module:

	Mail::RBL

available from CPAN.
(http://search.cpan.org/author/LUISMUNOZ/Mail-RBL-1.00/)


The script is available here:

http://www.fishnet.co.uk/formmail-rbl.zip

There are several options at the beginning which can be modified.  
There is also a html page which contains a test form.  Please modify 
these to reflect your setup.

Who this is for
-------------------

Basically you need to know how the usual formmail script works, how 
to install perl modules and how to use a cgi-script.  You will also 
have to change permissions on files and edit them.

If you don't know how to do these things then try by all means, but 
this isn't really the list to ask those sort of questions.  You can 
ask me if you like, but I won't guarantee that I will answer.  Not 
because I'm ignorant, but because I am at work and am very busy.

How it works
-----------------

The usual 'referer' and  'recipient' variables must be set.

The script checks if the referer is allowed (which can be faked), if 
it is, the script then checks the 'whitelist', if the users IP 
matches, it is allowed to relay.

If it is not in the whitelist, the script moves on to the blacklist, 
if found, it is blocked immediately.  If not found then the rbl 
checks are done.  If the users IP is found in any of the rbl lists, 
then the mail is blocked.

What needs doing
------------------------

Modify to allow host names in whitelists & blacklist - help ?

More info in rejection message - ie. urls for blacklists etc.

Hacks to get it working
------------------------------

1. Raq 4i

I had to install these modules first in order to install Mail::RBS

File::Spec
ExtUtils::MakeMaker

Once Mail::RBS is installed, I had to modify the module:

usr/lib/perl5/site_perl/5.005/Mail/RBL.pm

First, change perms so you can write to the file.

Then patch out the following lines:

1 package Mail::RBL;
2 
3 #require 5.005_62;
4 use strict;
5 #use warnings;
6 use Carp;
7 
8 #our $VERSION = '1.00';

( line numbers added for clarity) 



2. Windows

Installed Mail::RBL - It worked.

This is the first instance in my life where I have had to hack the 
linux version more than the windows one - strange...

----------------------------

DISCLAIMER
------------------
I am not guaranteeing that this will work , stop spammers or even 
leave your server in a workable state, so please don't blame me.

It all works for me, but that may have been a fluke.

Thats it.

Regards

Ian
--

Follow-Ups:
- Re: [cobalt-security] Formmail + RBL checking
  - From: Jonathan Michaelson

Prev by Date: Re: [cobalt-security] Sendmail - (was: SHP flaw)
Next by Date: Re: [cobalt-security] Security Hardening Update 2.0.1 MAJOR FLAW!!!!!! ACTION REQUIRED!
Previous by thread: [cobalt-security] Votre message
Next by thread: Re: [cobalt-security] Formmail + RBL checking

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index